10 Step Security Guide to Keeping your Computer Virus Free

I’ve personally never been infected with any virus or malware on any of my dozens of computers over the 20+ years I’ve been deeply involved with computers all by following the 10 Step Security Guide below. Yes, really…

My Secret? What is this Security Guide? I follow a few simple rules when using my computer and whenever possible I try to exercise good judgment (or call it common sense) when presented with something that doesn’t quite look right. So far so good and if you’re interested in sharing in my good fortune, take a look below at my short computer security guide. Who knows, perhaps it will help you make it through the next decade with little to no Virus issues. 😉

My Information Security Monologue…

To start out, I want to share a fundamental philosophy I try to practice with all my electronic devices. That is, there is no silver bullet for information security. Period. Information Security (or computer security as some call it) isn’t about doing just 1 thing and calling it good. Information Security is all about doing several things consistently… indefinitely.

Good Information Security is also about creating security layers. With each new layer of security, the more difficult it becomes to get through your “shield” so to speak… The more layers of security, the more likely you are to keep your system clean and safe from malicious software. So, with this in mind, my security guide below isn’t listed in any particular order because each recommendation is simply 1 more layer to add to your overall security plan. By themselves, they are easy to compromise. Together, they create a secure barrier between your data and the bad guys.

#1 – Install Operating System Security Updates

I don’t care what operating system you use, it has flaws/bugs/issues/etc. because guess what, it was written by a human and humans are far from perfect. So, as new bugs/exploits are found and patches for them are released, it’s CRITICAL you make sure your computer is protected by installing the latest security updates from Microsoft or any other OS provider (Apple, Linux etc…) you may be using. If you’re an Apple user I can see your smirk from here because you think Macs don’t have any security issues, right? Think again – Apple tells Mac users: Get anti-virus. Here’re some additional thoughts of my own on the topic as well.

#2 – Install Application Security Updates

Similar to #1, the software you install on your computer is flawed the moment it’s written which means the day you install it is the day your computer is that much less secure. To make things worse, small software companies don’t have the massive security budgets larger corporations have like Microsoft and Apple, so it’s not uncommon for “security” to be left out entirely.

The bad guys (hackers) know this so rather than try to break Microsoft, many are targeting the software on your computer. Fortunately for the hackers… to make their job even easier, they can count on a few pieces of software installed on just about every computer out there. You guessed it, Adobe Acrobat Reader. Unfortunately for us, Adobe doesn’t have the greatest track record of writing secure software.

Moral of the story – make sure you’re running the latest versions of software on your system and verify at least monthly you’re running the latest security updates as well. This is not easy if the software doesn’t have auto-update features but… that’s still a massive attack surface that needs to be kept clean. I know… This is a tough one, and it will take a lot of work. Good luck groovyReaders!

#3 – Install a quality Anti-Virus Application

With so many high-quality FREE anti-virus applications available for most operating systems, you have no excuse to be running with no Anti-Virus software. My recommendation? Keep things simple and use Microsoft’s free Anti-virus client. If you’re not a Microsoft Windows user… Take a look at this list and grab one that works for the Mac. By running AV software, you’re not just protecting yourself; you’re also protecting the community….. Deep I know… 😉

New viruses and other malicious software are created and spread around the internet daily. To combat this, Anti-Virus (AV) companies update their software so they can detect and block (hopefully) the malicious software from infecting your computer. AV companies call these updates either “Signatures” or “Definitions” depending on which product you use.

In the past, it was OK to update your computer once a week or once a month with these new AV definitions. However, in today’s climate, you really should have your AV application set to update daily or hourly if possible to protect your system from the latest threats. Below is an example of my system which shows how the Microsoft AV product – Microsoft Security Essentials recently updated its Virus Definitions earlier this afternoon:

Now in the case of Microsoft Security Essentials, there is no way to configure it to pull down new updates every hour (unless you want to get fancy with a batch script and manually pull down updates, which I wouldn’t recommend). However, I’ve noticed it does update itself daily if not every other day so you should be fine. To make sure you get updates at least weekly, under the settings tab I recommend you check the box “Check for the latest virus & spyware definitions before running a scheduled scan”. That’s a default setting, though, so you should be fine just installing it and letting it roll.

For other AV applications like McAfee, checking to see if you’re running the latest signatures is simple. Normally you just find its tray icon on your toolbar, right-click it and click About.

You should also be able to configure your AV application to update its definitions and signatures on a set schedule, either weekly, daily, hourly or even every minute (not recommended), as shown below in an older copy of McAfee Anti-Virus.

In summary, your AV application is useless 2-3 weeks after installing and in some cases the DAY you install it, so BE SURE TO KEEP IT UPDATED or else you might as well not even install it. Think of it like this. Your Anti-Virus program is like a gun and the security signature updates released daily are the bullets. A gun without bullets is worthless. Likewise, an anti-virus program is useless without regular updates to its signature files. Be sure to update it daily with the latest signatures and definitions.

#5 – Install a good Anti-Spyware / Adware / Malware application

Some might argue that if you have a good AV application installed, you don’t need to worry about installing a specific Anti-Spyware / Adware application. Personally, as mentioned above I believe in protecting my systems using layers of security. If a layer misses an exploit due to an old Virus Signature, the next layer might get it. So, with that in mind, I like to install an Anti-Spyware application along with an Anti-Virus application just for the added layer of security. Despite all the negative press from the Vista days due to performance issues… Windows Defender has actually worked well on my Windows 7 system with little to no impact on system performance. Another good option if you want a different set of Signature files between your Anti-Virus App and your Anti-Spyware App is SpyBot Search and Destroy. It’s been around for years and very widely used across the world. It’s probably my #2 choice if not #1 depending on my mood. 😉

#6 – Don’t be an Internet Victim! Use your brain!

Now that you’ve completed steps 1-3 above guess what! You’re ready to open your web browser and surf the internet and use email! Now, before you get all carried away with the feeling of invincibility because your PC is fully updated and secured, guess what. The next few tips are actually the most important. That’s right… Ignore a few tips below and your computer will probably end up infected with malicious software in just a matter of weeks if not days.

#7 – Use common sense while using Email

If you get an email from someone you don’t know, DELETE IT!

If you get an email with a file attachment you weren’t expecting even from a close friend or family member, DELETE IT! If the email was legit, ask them about it later and have them resend.

If a bank or credit card company emails you to tell you your account was hacked, DELETE IT! Banks will ALWAYS call you if there is a problem with your account. I guarantee this 100% of the time. Even if the email is legit, DELETE IT and call your bank. You don’t want all those private details in email anyway.

If you get an email that tells you to send money somewhere, DELETE IT!

If you get an email, that tells you that you’ve won money….. DELETE IT!

If you get an email with an attachment that’s compressed and password protected, DELETE IT!

Be wary of poorly written broken English emails. For one, it’s not worth reading and two, it’s probably a scam or a virus.

Be very wary of Greeting cards and Evites. Most of them want you to click on a link.

If you get an email from your mother-in-law telling you about a new virus on the internet DELETE IT (sorry, couldn’t resist).

Remember – If something doesn’t look right or if an email scares you… DELETE IT. When in doubt, throw it out!

#8 – Surf the web securely

Review security features of your favorite sites like Twitter. I recently wrote a Twitter Security best practice guide which reviews some of the things you can do to keep your Twitter account secure. This guide is just one example of many, however.

If you visit a website, and they offer to scan your computer for viruses, leave the site immediately. More than likely it’s a scam to get you to install something on your computer which is never a good thing…

NEVER install any software from a Website unless you know EXACTLY what the software is, and you went to that site to install it. Some websites you visit will prompt you to install some software to either scan your computer for malicious software or to allow you to watch a movie or..??? Be VERY wary of this stuff. There’s almost no way of knowing what it is that’s getting installed so be VERY WARY. No credible company will ask you to install anything to view their site (Adobe Flash or Microsoft Silverlight is the exception to this rule).

Never install free games found on the internet. If you want a game for your kids, try to stick to Flash based games that work in your browser. If a kids site wants you to install something on your computer, forget it. Run away!!

Ready for this one? If you can… avoid the shadowy side of the internet AKA – Porn sites, Hacking Sites, BitTorrent Sites and Applications, Password Sites for Porn and Application sites, etc… These are all FULL of Malicious software just waiting to be installed on your computer.

Don’t steal software by downloading it from BitTorrent sites. Almost 100% of the time, the software you download from a Torrent will be protected by copyright law and is probably infected with some malicious code / virus which will install right alongside the application. Best to just buy the software you want and stay away from the “Free / Illegal” side of the internet.

#9 – Create a unique, strong password for each of your online accounts

Password management is key to keeping your computer and your online data secure. Many, however, don’t know the difference between a good password and a bad password. If you’re one of these people, just follow the three steps below to help you create a secure and unique password!

A strong password is a unique password. As tempting as it might be, never use the same password on multiple websites. Sharing passwords between sites is like Russian Roulette. All it takes is one website hack to really ruin your day. Add a layer of security to your online accounts by using unique passwords.

Don’t use dictionary words. Yeah I know, your kids are really cute, but their names make horrible passwords as do months of the year. Dictionary words are easy to guess, and there’re about a million apps out there which specialize in attacking accounts using dictionary words in all known languages.

Use a passphrase. You mean like an actual phrase? Yes, that’s exactly what I mean. The great thing about a passphrase is it’s long, it’s not a dictionary word and in some cases, it’s easy to include special characters. Unfortunately, Twitter doesn’t allow spaces in their passwords; however, you can still use special characters like in my example: ilovegroovypostsoverymuch!! – Wow, a 27 character password which is easy to remember and includes two special characters. Good luck trying to hack a password like that one!
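Here is one way to check a list of your own passwords against the three rules above (unique, not a dictionary word, long like a passphrase). This is an added example, not part of the original guide: the function names, the tiny word list, the sample accounts and the 16-character threshold are all assumptions made for the illustration.

```python
import re

# Constructed sample word list (names, months, common words); an actual
# audit would load a full dictionary file instead.
SAMPLE_WORDS = {"password", "dragon", "summer", "january", "emma", "liam"}

# Assumption for this example: anything shorter is not treated as a passphrase.
MIN_PASSPHRASE_LEN = 16

# Constructed sample accounts; the first entry is the passphrase from the guide.
SAMPLE_ACCOUNTS = {
    "twitter": "ilovegroovypostsoverymuch!!",
    "bank": "Emma2011!",
    "forum": "Emma2011!",
    "email": "January",
}


def base_word(password):
    """Lowercase and strip leading/trailing digits and symbols: 'Emma2011!' -> 'emma'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def audit(accounts, words=SAMPLE_WORDS):
    """Return {account: [findings]}; an empty list means all three rules pass."""
    findings = {name: [] for name in accounts}

    # Rule 1: a strong password is a unique password.
    by_password = {}
    for name, pw in accounts.items():
        by_password.setdefault(pw, []).append(name)
    for names in by_password.values():
        if len(names) > 1:
            for name in names:
                others = ", ".join(sorted(n for n in names if n != name))
                findings[name].append(f"reused on: {others}")

    for name, pw in accounts.items():
        # Rule 2: no dictionary words, even with digits or symbols tacked on.
        if base_word(pw) in words:
            findings[name].append("dictionary word")
        # Rule 3: use a passphrase, which in practice means length.
        if len(pw) < MIN_PASSPHRASE_LEN:
            findings[name].append(f"shorter than {MIN_PASSPHRASE_LEN} characters")
    return findings


if __name__ == "__main__":
    for account, problems in audit(SAMPLE_ACCOUNTS).items():
        print(account, "->", problems or "ok")
```
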

#10 – Routine system maintenance

Backup… Oh.. how could we forget about backup! No matter how many precautions you take, having a solid and reliable backup is a must have. If you’re not backing up your system today, stop what you’re doing and take the steps necessary to get a full system backup now! What should you use? There are a million different options. If you prefer to keep your backup close, grab a USB drive and create a system image.

If you want my advice, use Crashplan. It’s a rock solid cloud solution that just works. Period. It’s cost effective for both a single PC or all the PCs in your home (Windows or Mac). I loved it so much, I bought it for all my computers at home AND for work. Yup, we run over 2000 copies of Crashplan at my corporation, and it works great!

One of our groovyReaders below reminded me to include our final security tip which is to routinely clean out the cobwebs on your system by deleting old cookies, Internet history, browser cache and system temp folders on your system. I’ve already written a guide for this using a free tool called CCleaner. That said, the tool is very simple to use, automatically updates itself and if you follow my guide – is safe to use.

This final tip is important because as you surf the web and install software, you pick up “things” like small bits of websites in cache, cookies which track you surfing, etc. By clearing out these small bits from time-to-time, you’re not only wiping away those tracking cookies, but you’re also protecting yourself in the event your system becomes compromised. Granted, if that happens you’re already owned; however, as I mention below, security is about layers, and this is just one more you can add-on to your routine.

Conclusion

It’s important to note, the Security Guide above is not the 100% complete list because honestly, with Information Security, nothing is 100%. As already stated, it’s about doing a lot of little things and using common sense vs. finding an end-all Security Guide on the internet somewhere. That being said, if you notice something obvious that I missed, please contribute and drop your tips in the comments below and I’ll do my best to quickly add it to the Security Guide. I’m sure all the groovyReaders out there will appreciate it!

So stay safe, be smart and don’t be an Internet victim. Following these tips should help with keeping your computer virus free MOST of the time… granted nothing is perfect. Security is all about “Layers” as Shrek would say:

Shrek: Ogres are like onions.
Donkey: They stink?
Shrek: Yes… No!
Donkey: Oh, they make you cry.
Shrek: No!
Donkey: Oh, you leave em out in the sun, they get all brown, start sproutin’ little white hairs.
Shrek: NO! Layers! Onions have layers. Ogres have layers. Onions have layers. You get it? We both have layers.
[sighs]
Donkey: Oh, you both have layers. Oh. You know, not everybody like onions.

18 Comments

Kalyan

Excellent collection. I had most of these in my head, but thanks for bundling all of these for me.

I can advise a few more.. maybe you will find them useful to add..
1. Staying away from free browser toolbars
2. Don’t use external Hard disks and USB sticks without scanning them if they have been to other computers
3. Enable phishing protection in browsers
4. Check Urls when entering username/password on a website after clicking a link in email.
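Tip 4 above comes down to reading the root of the domain a link really points at, not whatever familiar name appears somewhere in the URL. The sketch below is an added example, not part of the comment thread: the function names are hypothetical, the sample links are constructed from reserved example domains, and the suffix set is a constructed subset standing in for the full Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed subset of two-label public suffixes; production code would
# consult the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the root (registrable) domain of the host a URL points at."""
    # .hostname drops the scheme, any "user@" prefix and the port, and lowercases.
    host = urlsplit(url).hostname
    if not host:
        return None
    try:
        ipaddress.ip_address(host)
        return host  # a bare IP address has no root domain to compare
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    if len(labels) < 2:
        return host
    # Keep one label in front of the public suffix: example.co.uk, example.com.
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def link_matches(url, expected_root):
    """True only when the link's root domain is the site you expected."""
    return registrable_domain(url) == expected_root.lower()


if __name__ == "__main__":
    # Constructed sample links as they might appear in an email.
    samples = [
        "https://www.example.com/login",
        "https://example.com.account-verify.example.net/login",
        "https://example.com@login.example.org/reset",
        "https://secure.example.co.uk/",
        "http://192.0.2.10/login",
    ]
    for link in samples:
        print(link, "->", registrable_domain(link),
              "| matches example.com:", link_matches(link, "example.com"))
```

Only the first sample link has the root domain example.com; the others merely contain that name as a subdomain or as a username before the @ sign, or skip the name entirely.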

#2 just happened to me. A few months ago Information security stopped by my desk at work because they said I was full of virus infected crap on my box. Turns out it was the External USB drive I connected to my PC at work. The external drive was from my sister’s PC. She gave it to me so I could grab all her family photos and put them up on a website. Turns out it was just FULL of malware. So yeah, lesson learned!!!

#4 – Another good one. It’s also good to check the URL from an email and verify the ROOT of the domain is really what you think of it.

In other words, I get emails all the time that say:

Your account has been hacked. Click here to confirm it’s not you and the link is:

Great feedback Kalyan. Couldn’t agree more with each bullet you laid out. I think #1 is one worth consideration. Toolbars are a big privacy black hole. I’m going to bet each of the EULA for them are quite scary. #4 also can be nasty if you’re not paying attention to the phishing schemes…

So many people do a great job protecting their OS with regular patches but forget to patch the applications on their PC…… so good call out.

I think you should also add something about using CCleaner or some other tool to regularly wipe crap off your box’s temp files etc… Then again, I guess that’s more of a privacy thing and not really “Security” protection related.

I also suggest the new EMET 2.0 utility from Microsoft. It makes it simple to fully enable hardware-level Data Execution Prevention and SEHOP, and you can also add extra mitigations to any apps you think would be likely targets (browsers, media players, IM and VoIP programs, PDF readers, Java, and so forth). Free, pretty straightforward.

A couple others:

1) make a separate Admin-level user account, then switch your “daily-driver” users (including yourself) to Standard User accounts. Bust out the Admin account when you actually need it, lay it aside when you don’t.

2) run the Secunia PSI checkup from secunia.com at least every couple weeks. It’s free for home users, and makes it really easy to tell if you need to patch some of your applications.

3) if your computer has users who don’t always recognize good from bad, you can enable Parental Controls to arbitrarily prevent them from executing files that you didn’t put on the system and pre-approve. It’s not without its drawbacks, but it’s a lot easier to deal with than a six-hour adventure in rootkit removal would be 🙂 For the full-strength version, called Software Restriction Policy, you need the Business/Pro/Ultimate/Enterprise levels of Windows.

Separate admin account, this in my opinion is one of the most important security layers available. Even on Windows 7 with UAC I use a locked down account and escalate only when needed (99% prompted for credentials when needed) as you never know whether UAC under an admin account will be circumvented (again).

For non-technical users, education is key, I always try to explain that if you are prompted to allow something then make sure you know what it is and that you wanted to run it.

I’m sure there are statistics from a study stating that at least 70-80% of malicious code would be prevented from running successfully without admin privileges… unfortunately I can’t find the link so don’t quote me on the figures! The closest I can find is http://www.zimbio.com/Windows+XP/articles/hlE1vpb4500/Configure+Admin+Rights+More+Secure+Windows which states “The key finding shows that 90 percent of critical Windows 7 vulnerabilities could be mitigated simply by not allowing standard users to run with administrator privileges” but I cannot confirm the reputability of the source (beyondtrust.com)

Thanks for the tips @Chooibah – and yeah I agree. Running with least privilege is another great way to lower the attack surface. I primarily didn’t mention it because frankly, I’ve found it really really hard to convince people to not run email and their browser while logged in with admin rights. This probably deserves its very own groovyPost.

Not a bad article about security and preventing the obvious, however it was extremely difficult to read. My 4th grade godson has better grammar. When YOU’RE going to put something for everyone to read then maybe YOUR writing should be correct. Understand the concept between your and you’re?

Steve, never had a virus? I would believe you if you said you got one, but caught it with AV as it was loading. Anyway, I have a couple of items, #2 mostly that I have listed as a quick hit list. Thanks for the info.

Well, I am going to go change all my passwords, which are all the same in some way, shape or form. Because of reading previous articles of yours, I have Just Cloud back up, and a malware destroyer…Love your articles, I have learned so much!

Great application but a little on the geeky side for most people. Plus, it stores the backup local which is bad if your PC is stolen or your house burns down…. Probably better to go cloud with Crashplan or Carbonite. That being said, any backup is better than NO backup!

Spybot search and destroy is a great app. I used to install it in all my systems and my customers’ systems.

Not really sure why I stopped using it. I think over the years my confidence has grown more and more with Microsoft Security Essentials.
Spybot is still a great app. I know a lot of ppl still use it so yeah, nothing wrong with keeping it on your system.